Think Your Lost Smartphone Is Safe? Think Again
CREDIT: Thank You/Shutterstock.com
If you found a smartphone on an elevator or at the mall or on the subway, would you grab it? If you did, would you try to return the device to its rightful owner, or would you snoop to see what kind of personal information was stored on the phone? According to the results of a sneaky new experiment, you most likely fall into the last category.
Late last year, the security firm Symantec kicked off its "Smartphone Honey Stick Project," a covert experiment named for fake websites deployed to snare hackers, aimed at determining how many people attempted to access personal files on found phones, as well as what types of files people gravitated to the most.
Symantec placed 50 smartphones in New York City, Washington, D.C., Los Angeles, the San Francisco Bay Area and Ottawa, Canada. Left in public, high-traffic areas such as food courts and public transit stops, each unlocked smartphone was outfitted with software that allowed Symantec researchers to track what types of information — banking, contacts, corporate email, financial — the finders tried to access.
The results aren't exactly inspiring, and may cause you to keep a tighter grip on your own personal smartphone.
The honey stick project revealed that 96 percent of the lost smartphones were accessed in some way; 89 percent were accessed for personal-related apps, while 83 percent were accessed for corporate-related apps.
Of this 83 percent, attempts were made to access corporate email on 45 percent of the phones, and a file called "HR Salaries" was accessed on 53 percent of phones.
Only 50 percent of people who found one of the 50 "lost" phones contacted the phone's owner — Symantec — and provided contact information.
"This finding demonstrates the high risks posed by an unmanaged, lost smartphone to sensitive corporate information," Symantec wrote. "It demonstrates the need for proper security policies and device/data management. This is especially true in the age of the consumerization of IT and Bring Your Own Device (BYOD), when mobile devices are flowing into and out of corporate infrastructures at unheard-of rates."
On another disheartening note, phone finders attempted to access private photos on 72 percent of the phones, and attempts were made to access online banking data on 43 percent of the phones.
Social networking profiles and personal email accounts were not spared; people tried to access both on more than 60 percent of the phones, and a file called "Saved Passwords" was accessed on 57 percent of smartphones.
Symantec said that even if the chances are slim that a lost phone would be returned, people can still protect their personal information by taking precautions to secure files stored on smartphones and make sure your phone is locked by default and protected with a secure, difficult-to-guess password.
This story was provided by SecurityNewsDaily, a sister site to TechNewsDaily.